CompTIA JK0-018 Security+ E2C Certified Practice Exam Set 8

Which of the following results in datacenters with failed humidity controls? (Select TWO).


Options are :

  • Condensation
  • Improper ventilation
  • Electrostatic charge
  • Excessive EMI

Answer : Condensation Electrostatic charge

CompTIA JK0-022 Security Cryptography Certification Exam Set 6

The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?


Options are :

  • Damage and Loss Control
  • First Responder
  • Business Impact Analysis
  • Contingency Planning

Answer : First Responder

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?


Options are :

  • True negatives
  • False negatives
  • True positives
  • False positives

Answer : False positives

Key elements of a business impact analysis should include which of the following tasks?


Options are :

  • Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
  • Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
  • Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
  • Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.

Answer : Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 11

Which of the following protocols provides transport security for virtual terminal emulation?


Options are :

  • SCP
  • TLS
  • S/MIME
  • SSH

Answer : SSH

To ensure proper evidence collection, which of the following steps should be preformed FIRST?


Options are :

  • Copy all compromised files
  • Capture the system image
  • Review logs
  • Take hashes from the live system

Answer : Capture the system image

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?


Options are :

  • Routine log audits
  • Separation of duties
  • Job rotation
  • Risk likelihood assessment

Answer : Routine log audits

CompTIA Cyber Security Analyst (CySA+) Practice Exams 2019 Set 5

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?


Options are :

  • Structured walk through
  • Check list test
  • Table top exercise
  • Full Interruption test

Answer : Structured walk through

A company that has a mandatory vacation policy has implemented which of the following controls?


Options are :

  • Risk control
  • Technical control
  • Privacy control
  • Physical control

Answer : Risk control

Which of the following means of wireless authentication is easily vulnerable to spoofing?


Options are :

  • WPA - PEAP
  • Enabled SSID
  • MAC Filtering
  • WPA - LEAP

Answer : MAC Filtering

220-801 CompTIA A+ Certification Practice Exam Set 9

Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?


Options are :

  • Intrusion Detection System
  • Flood Guard Protection
  • Web Application Firewall
  • URL Content Filter

Answer : Web Application Firewall

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).


Options are :

  • 143
  • 137
  • 139
  • 110

Answer : 137 139

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following?


Options are :

  • Multifactor authentication
  • Identification
  • Separation of duties
  • Single factor authentication

Answer : Single factor authentication

220-702 CompTIA A+ Practical Application Practice Exam Set 5

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server. However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?


Options are :

  • DMZ
  • Honeypot
  • VLAN
  • Honeynet

Answer : Honeypot

The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?


Options are :

  • Configure the access points so that MAC filtering is not used
  • Disable the SSID broadcasting
  • Implement WEP encryption on the access points
  • Lower the power for office coverage only

Answer : Lower the power for office coverage only

Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?


Options are :

  • A plan that skips every other replaced computer to limit the area of affected users.
  • A disk-based image of every computer as they are being replaced.
  • A back-out strategy planned out anticipating any unforeseen problems that may arise.
  • An offsite contingency server farm that can act as a warm site should any issues appear.

Answer : A back-out strategy planned out anticipating any unforeseen problems that may arise.

CompTIA JK0-015 E2C Security+ Certification Practice Test Set 9

A program displays: ERROR: this program has caught an exception and will now terminate. Which of the following is MOST likely accomplished by the program?s behavior?


Options are :

  • Operating system?s scalability is maintained
  • User?s confidentiality is maintained
  • Program?s availability is maintained
  • Operating system?s integrity is maintained

Answer : Operating system?s integrity is maintained

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?


Options are :

  • Mandatory Vacations
  • Acceptable Use
  • Privacy Policy
  • Least Privilege

Answer : Mandatory Vacations

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).


Options are :

  • Rootkit
  • Botnet
  • Backdoor
  • Logic Bomb

Answer : Backdoor Logic Bomb

CompTIA 220-801 A+ Advanced Certification Practice Exam Set 3

Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:


Options are :

  • Set up honey pot and place false project documentation on an unsecure share.
  • Apply security updates and harden the OS on all project servers.
  • Increase antivirus coverage of the project servers.
  • Block access to the project documentation using a firewall.

Answer : Set up honey pot and place false project documentation on an unsecure share.

An advantage of virtualizing servers, databases, and office applications is:


Options are :

  • Providing greater resources to users
  • Centralized management
  • Decentralized management.
  • Stronger access control.

Answer : Centralized management

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) is to: (Select TWO).


Options are :

  • Use a web proxy to pass website requests between the user and the application.
  • Restrict and sanitize use of special characters in input and URLs.
  • Permit redirection to Internet-facing web URLs.
  • Validate and filter input on the server side and client side.
  • Ensure all HTML tags are enclosed in angle brackets, e.g., < and >.

Answer : Restrict and sanitize use of special characters in input and URLs. Validate and filter input on the server side and client side.

CompTIA CA1-001 Advanced Security Practitioner Practice Exam Set 7

Which of the following protocols would be used to verify connectivity between two remote devices at the HIGHEST level of the OSI model?


Options are :

  • TCP
  • ICMP
  • IPSec
  • SCP

Answer : SCP

Which of the following is the MOST intrusive type of testing against a production system?


Options are :

  • Penetration testing
  • White box testing
  • Vulnerability testing
  • War dialing

Answer : Penetration testing

A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?


Options are :

  • Group based privileges
  • Domain admin restrictions
  • Time of day restrictions
  • User assigned privileges

Answer : Group based privileges

NEW! CompTIA A+ 2019 Cert. Core 2 (220-1002) Practice Tests Set 3

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?


Options are :

  • Honeypot
  • Audit logs
  • Security logs
  • Protocol analyzer

Answer : Honeypot

Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?


Options are :

  • Record time offset
  • Network sniffing
  • Screenshots
  • Capture system image

Answer : Network sniffing

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?


Options are :

  • Vulnerability scan
  • Protocol analyzer
  • Port scanner
  • Penetration test

Answer : Vulnerability scan

JK0-019 CompTIA E2C Network + Certification Exam Set 8

Which of the following tools would a security administrator use in order to identify all running services throughout an organization?


Options are :

  • Architectural review
  • Port scanner
  • Design review
  • Penetration test

Answer : Port scanner

Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following authentication methods should Jane use?


Options are :

  • CCMP
  • LEAP
  • WPA2-PSK
  • WEP-PSK

Answer : LEAP

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions